On Thu, Aug 12, 2010 at 05:07:47PM +0200, Dominik Brodowski wrote: > commit 127c03cdbad9bd5af5d7f33bd31a1015a90cb77f upstream. > > NR_IRQS may be as low as 16, causing a (harmless?) buffer overflow in > pcmcia_setup_isa_irq(): > > static u8 pcmcia_used_irq[NR_IRQS]; > > ... > > if ((try < 32) && pcmcia_used_irq[irq]) > continue; > > This is read-only, so if this address would be non-zero, it would just > mean we would not attempt an IRQ >= NR_IRQS -- which would fail anyway! > And as request_irq() fails for an irq >= NR_IRQS, the setting code path: > > pcmcia_used_irq[irq]++; > > is never reached as well. > > Reported-by: Christoph Fritz <chf.fr...@googlemail.com> > Signed-off-by: Dominik Brodowski <li...@dominikbrodowski.net> > Signed-off-by: Christoph Fritz <chf.fr...@googlemail.com> > > --- > > Note: a similar patch is already queued for 2.6.35.2. This patch applies to > 2.6.34 and all other previous stable kernels still maintained.
Thanks, I've applied this to the .32 and .34 stable trees. greg k-h _______________________________________________ Linux PCMCIA reimplementation list http://lists.infradead.org/mailman/listinfo/linux-pcmcia
